Warning - this blog contains opinions, strong language, occasional bold text, and HTML. Viewer discretion is advised.

2015/03/04

Great Article on Cryptowall 3.0 from blogs.cisco.com

Worth a read:

http://blogs.cisco.com/security/talos/cryptowall-3-0

My only question is why would the dropper care whether it's running in a virtual environment? A bit more digging reveals that the malware author is assuming that if his code ends up running in a VM, it's probably a sandbox and being studied, so the malicious code refuses to co-operate. Clever.

Here's the analysis of Cryptowall 2.0, from the same blog:

http://blogs.cisco.com/security/talos/cryptowall-2
